The Newest Online Threat – .Zepto Ransomware

Terrible news shook the web the other day, as reports surfaced of a new ransomware virus in circulation.

A new version of the infamous Locky ransomware has been unleashed upon users worldwide, affecting computers all across the globe from the USA to Mexico, Japan, Germany, and beyond. The unwelcome arrival of the new virus was first reported yesterday here and was later confirmed by another source.

It works like most ransomware does, seizing the files on a victim’s PC and encrypting them. Much like its predecessor, Locky, the new virus renames the encrypted files with its own extension, .zepto, which is why it has become known as the Zepto virus.

Once the encryption process is complete, the virus changes the desktop image to a ransom note, informing the affected user of what has taken place and providing instructions on how to obtain the decryption key. It also creates a file with the same information, titled “_HELP_instructions.html”, in each of the encrypted folders.
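The two indicators described above (the .zepto extension and the “_HELP_instructions.html” note) are enough to scope which folders were hit before restoring from backup. The following read-only scan is an added example, not part of the original article; the function names and the sample file names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".zepto"                 # extension named in the article
RANSOM_NOTE = "_HELP_instructions.html"  # note file named in the article


def scope_damage(root):
    """Walk root and summarise, per folder, the two indicators above."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = [f for f in files if f.lower().endswith(ENCRYPTED_EXT)]
        note = any(f.lower() == RANSOM_NOTE.lower() for f in files)
        if not encrypted and not note:
            continue  # folder shows neither indicator
        # Files that are neither encrypted nor the note are still usable.
        intact = [f for f in files
                  if f not in encrypted and f.lower() != RANSOM_NOTE.lower()]
        report[os.path.relpath(dirpath, root)] = {
            "encrypted": len(encrypted),
            "intact": len(intact),
            "note": note,
        }
    return report


def build_sample_tree(root):
    """Constructed sample: empty files that only mimic the naming."""
    layout = {
        "docs": ["A1B2.zepto", "C3D4.ZEPTO", RANSOM_NOTE],
        "photos": ["E5F6.zepto", "holiday.jpg", RANSOM_NOTE],
        "clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        d = Path(root) / folder
        d.mkdir(parents=True)
        for name in names:
            (d / name).touch()


def demo():
    """Run the scan over the constructed tree and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scope_damage(tmp)


if __name__ == "__main__":
    for folder, info in sorted(demo().items()):
        state = "partially" if info["intact"] else "fully"
        print(f"{folder}: {info['encrypted']} encrypted, {state} affected")
```

Folders reported with intact files were only partially affected, which helps decide what to restore from backup and what can be kept.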

The amount demanded by the hackers in exchange for the key is 0.5 Bitcoins, which is roughly the equivalent of $300; however, it is likely that that number will be substantially increased in the event large businesses or organizations are affected.

At this point, there is no known way of breaking the encryption, but cyber-security experts are already working on cracking the .Zepto code. As was the case with .locky, this new ransomware uses the strong RSA-2048 and AES-128 ciphers.

Users are advised to take extra precautions when browsing the web and especially when dealing with newly received emails. Email is the way ransomware is most commonly distributed, so be especially critical of spam emails, all the more so if they come with attached files.

If you have fallen victim to this rapidly spreading virus, it’s not advisable to give in to the hackers’ demands and pay the requested ransom. This practice is what stimulates the cybercriminals to continue with their illegal activities and there are no guarantees that you will receive any decryption key.

Instead, you can try using the following removal instructions that would hopefully help you locate and delete the .Zepto virus. Other than that, there is little else to be done than wait for a working decrypter to be released in order to recover your files.

About the Author: Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.